CVE-2026-2439

{"id": "CVE-2026-2439", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-16T22:22:41.470", "references": [{"url": "https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b", "tags": ["Patch"], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}, {"url": "https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm", "tags": ["Product", "Release Notes"], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}, {"url": "https://perldoc.perl.org/5.42.0/functions/rand", "tags": ["Third Party Advisory"], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}, {"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html", "tags": ["Third Party Advisory"], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}, {"url": "https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations", "tags": ["Third Party Advisory"], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "description": [{"lang": "en", "value": "CWE-338"}, {"lang": "en", "value": "CWE-340"}]}], "descriptions": [{"lang": "en", "value": "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,\n\n * There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.\n * The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.\n * UUIDs are identifiers whose mere possession grants access, as per RFC 9562.\n * The output of the built-in rand() function is predictable and unsuitable for security applications."}, {"lang": "es", "value": "Las versiones de Concierge::Sessions desde la 0.8.1 anteriores a la 0.8.5 para Perl generan identificadores de sesi\u00f3n inseguros. La funci\u00f3n generate_session_id en Concierge::Sessions::Base por defecto utiliza el comando uuidgen para generar un UUID, con un mecanismo de respaldo que usa la funci\u00f3n rand incorporada de Perl. Ninguno de estos m\u00e9todos es seguro, y los atacantes pueden adivinar los identificadores de sesi\u00f3n que pueden otorgarles acceso a los sistemas. Espec\u00edficamente,\n\n * No hay ninguna advertencia cuando uuidgen falla. El software puede estar utilizando silenciosamente la funci\u00f3n de respaldo rand() sin advertencias si el comando falla por cualquier motivo.\n * El comando uuidgen generar\u00e1 un UUID basado en el tiempo si el sistema no tiene una fuente de n\u00fameros aleatorios de alta calidad, porque la llamada no especifica expl\u00edcitamente la opci\u00f3n --random. Tenga en cuenta que la hora del sistema se comparte en las respuestas HTTP.\n * Los UUID son identificadores cuya mera posesi\u00f3n otorga acceso, seg\u00fan la RFC 9562.\n * La salida de la funci\u00f3n rand() incorporada es predecible e inadecuada para aplicaciones de seguridad."}], "lastModified": "2026-03-10T18:12:46.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bva:concierge\\:\\:sessions:*:*:*:*:*:perl:*:*", "vulnerable": true, "matchCriteriaId": "CDB9F71D-07E7-4EF3-8C7A-BF35F9175DB9", "versionEndExcluding": "0.8.5", "versionStartIncluding": "0.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}